I am still trying to understand the Ethereum design, and one thing I can't work out is if all Ethereum nodes are supposed to expose the JavaScript API and if that is supposed to be publicly available?

So if I want to consume Ethereum "as a server" from something like a mobile app, can I just point to some random public node and call it using web3.js?

1 Answer

While individuals may choose to make their Ethereum node publicly available, in most cases this is neither necessary nor encouraged. The two main reasons for this are:

1. As a client, you cannot necessarily trust a "random public node" to be honest. There is nothing preventing someone from implementing an API that appears to be a valid JSON-RPC Ethereum node, but serves completely false information. The server could lie about balances, contract state, etc.

2. As a server, exposing a public interface increases your potential attack surface. Exposing an interface to the public would require you to open a port through your router, which can lead to security issues, and also declares to the world that your computer hosts cryptocurrency software, and thus is likely a valuable target for hacking.

Thus, it is generally the case that Ethereum nodes should only be open to and used by the public if the node is part of a service specifically designed to handle these issues, for example INFURA.

That makes sense, but to me Infura is an example of centralisation.
– Sentinel Jul 1 '17 at 18:44

Yes, it's centralized, but until light clients come along it's also pretty much the only option for mobile devices and such.
– Tjaden Hess♦ Jul 1 '17 at 18:45

Yes, I am trying to design an Ethereum-based service for a mobile app. It is looking like I will have to build a light client to do this properly. Infura looks like the wrong way.
– Sentinel Jul 1 '17 at 18:52
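
As an added example (not part of the original answer or comments), here is one way a client can reduce its reliance on a single public node, the risk the answer describes: send the same `eth_getBalance` request, pinned to one block, to several independently operated endpoints and accept the value only if they agree. The endpoint names, address, block number and replies are constructed, and agreement is a consistency check, not a proof that the value is correct.

```javascript
// Build the JSON-RPC 2.0 request for eth_getBalance at a pinned block.
// Pinning the block (instead of "latest") makes honest nodes comparable.
function balanceRequest(address, blockNumber, id = 1) {
  return {
    jsonrpc: '2.0',
    id,
    method: 'eth_getBalance',
    params: [address, '0x' + blockNumber.toString(16)],
  };
}

// Compare parsed replies: `responses` is [{ endpoint, body }], where body is
// the JSON-RPC reply object, or null if the endpoint failed to answer.
// Policy of this example: trust only if `quorum` endpoints agree and no
// endpoint returned a different value.
function crossCheck(responses, quorum) {
  const votes = new Map(); // normalized value -> endpoints reporting it
  for (const { endpoint, body } of responses) {
    if (!body || body.error || typeof body.result !== 'string') continue;
    if (!/^0x[0-9a-fA-F]+$/.test(body.result)) continue; // malformed quantity
    const value = BigInt(body.result).toString(); // 0x0a and 0xa compare equal
    if (!votes.has(value)) votes.set(value, []);
    votes.get(value).push(endpoint);
  }
  const ranked = [...votes.entries()].sort((a, b) => b[1].length - a[1].length);
  const [value, agreeing] = ranked[0] || [null, []];
  const dissenting = ranked.slice(1).flatMap(([, endpoints]) => endpoints);
  return {
    trusted: agreeing.length >= quorum && dissenting.length === 0,
    value,
    agreeing,
    dissenting,
  };
}

// Constructed sample replies (not real network data): two agree, one differs.
const ADDRESS = '0x0000000000000000000000000000000000000001'; // placeholder
const sample = [
  { endpoint: 'node-a.example', body: { jsonrpc: '2.0', id: 1, result: '0x0de0b6b3a7640000' } },
  { endpoint: 'node-b.example', body: { jsonrpc: '2.0', id: 1, result: '0xde0b6b3a7640000' } },
  { endpoint: 'node-c.example', body: { jsonrpc: '2.0', id: 1, result: '0x0' } },
];
console.log(JSON.stringify(balanceRequest(ADDRESS, 3960000)));
console.log(crossCheck(sample, 2));
```

A disagreement does not say which endpoint is wrong; it only tells the client not to act on the value.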